Lucene search

Ryo Onodera (Cryptography Laboratory Tokyo Denki University)PATCHSTACK:79E021E674BA53B4F04B9D494C7F7D07

HistoryJun 16, 2022 - 12:00 a.m.

WordPress Button Widget Smartsoft plugin <= 1.0.1 - Cross-Site Request Forgery (CSRF) vulnerability to Cross-Site Scripting (XSS)

2022-06-1600:00:00

Ryo Onodera (Cryptography Laboratory Tokyo Denki University)

patchstack.com

wordpress

button widget

smartsoft

csrf

xss

ryo onodera

cryptography laboratory

tokyo denki university

deactivate

delete

closure

review

EPSS

0.001

Percentile

50.5%

JSON

Cross-Site Request Forgery (CSRF) vulnerability to Cross-Site Scripting (XSS) was discovered by Ryo Onodera (Cryptography Laboratory Tokyo Denki University) in the WordPress Button Widget Smartsoft plugin (versions <= 1.0.1).

Solution

Deactivate and delete. This plugin has been closed as of June 8, 2022 and is not available for download. This closure is temporary, pending a full review.

References

www.wordfence.com/vulnerability-advisories/#CVE-2022-1912

EPSS

0.001

Percentile

50.5%

JSON

Related for PATCHSTACK:79E021E674BA53B4F04B9D494C7F7D07